1214457 – (CVE-2015-3150) CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments

Bug 1214457 (CVE-2015-3150) - CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem directory path arguments

Summary: CVE-2015-3150 abrt: abrt-dbus does not guard against crafted problem director...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-3150
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1214609 1214610 1214612 1218236
Blocks:	1211224 1214172
TreeView+	depends on / blocked

Reported:	2015-04-22 18:20 UTC by Florian Weimer
Modified:	2023-05-12 08:59 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user.
Clone Of:
Environment:
Last Closed:	2015-07-09 05:35:22 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1083	0	normal	SHIPPED_LIVE	Important: abrt security update	2015-06-09 23:48:24 UTC

Description Florian Weimer 2015-04-22 18:20:27 UTC

It was discovered that the abrt-dbus D-Bus service does not properly
check the validity of the problem directory argument in the
ChownProblemDir, DeleteElement, and DeleteProblem methods.  A local
attacker could use this flaw take ownership of arbitrary files and
directories, or to delete files and directories as the root user.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 3 Jakub Filak 2015-05-05 11:28:39 UTC

These upstream commits fix this cve:
https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7
https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8
https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1
https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75

Comment 4 errata-xmlrpc 2015-06-09 19:49:17 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:1083 https://rhn.redhat.com/errata/RHSA-2015-1083.html

Note You need to log in before you can comment on or make changes to this bug.